Secret scanning has recently expanded coverage to GitHub discussions and pull requests. GitHub is now performing a backfill scan, which will detect any historically existing secrets found in GitHub discussions…
Code scanning autofix is now available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot, code scanning suggests fixes for Javascript, Typescript, Java, and Python alerts…
Users of secret scanning will now receive alerts for any new secrets exposed in a pull request’s title, description, or comments (including reviews). Alerts can be viewed within the UI…
To help users better understand the state of a pull request, we now provide more details in two specific cases. Merged indirectly If a pull request’s commits are merged into…
If you are using the Dependabot grouped version updates feature (currently in public beta), you can now tell Dependabot to ignore updates in the group (similar to how you can…
With the new Issue Metrics GitHub Action, you can now track and monitor important metrics related to issues, pull requests, and discussions, such as time to first response, time to close, and more!
Today we are announcing the general availability of pull request merge queue! 🎉 Merge queue helps increase velocity in software delivery by automating pull request merges into your busiest branches.…
Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.
Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories. If you are an enterprise user that uses Dependabot updates and there…
We’ve shipped a fix to ensure merges by the pull request merge queue are always attributed to the GitHub Merge Queue bot (github-merge-queue[bot]). This change applies to new merges by…
We’ve shipped a small fix to improve security around creation of pull requests in public repos. Prior to this fix and under very specific conditions, a user could create a…
Announcing important changes to what it means for a pull request to be ‘approved’. If you use pull requests with protected branches, there are some important security improvements rolling out…
Creating an open source project can feel a bit like sending out an open invite to a party—will it be a roaring good time, or will you unbegrudginly dine on…
GitHub Desktop 3.2.3 makes force pushing and fetching through the newly added fetch/pull dropdown menu items as well as adding pull request comment notifications. Since 3.2.1, GitHub Desktop has also…
As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…
When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…
Commenting on files (including deleted, binary, and renamed files) in a pull request is now generally available on the web and GitHub Mobile! A special thank you to everyone that…
GitHub Security was notified about an issue where private issue and pull request titles would be displayed in search results. Our Security team investigated potential instances and determined that this…
Code scanning is now using a new way of analysing and displaying alerts on pull requests. The change ensures code scanning only shows accurate and relevant alerts for the pull…
Commenting directly on a file in a pull request (not just a specific line) is now available in public beta! 🎉 With this capability you can now comment on deleted,…
In GitHub Desktop 3.1, we introduced viewing the diff of changes across multiple commits. This allows you to be certain there are no unintended changes in the group of commits…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
